Versioning and Change log

This log details any breaking and non-breaking API changes we have released for our 3DS service.

Prerequisite: Make yourself familiar with ourAPI Principlesto ensure a resilient integration.

Versioning log

Breaking changes

  • header Content-Type and Accept changed to version 3:
Content-Type: application/vnd.worldpay.verifications.customers-v3.hal+json
Accept: application/vnd.worldpay.verifications.customers-v3.hal+json

Breaking changes

  • header Content-Type and Accept changed to version 2:

Content-Type: application/vnd.worldpay.verifications.customers-v2.hal+json
Accept: application/vnd.worldpay.verifications.customers-v2.hal+json

  • Error responses no longer contain path and status as keys

  • Invalid card numbers are now producing an error message

"validationErrors": [
    "errorName": "fieldHasInvalidValue",
    "jsonPath": "$.instruction.paymentInstrument.cardNumber",
    "message": "Card number is invalid"

Note: You can find documentation for all versionshere.

Change log (Non-breaking changes)

You can now authenticate a Network Payment Token using the "card/networkToken" paymentInstrument via the 3DSSDKandWebflow.

We now provide additional values in theauthentication and 3DS verification responseswhen the card brand is Cartes Bancaires. These additional values must then be applied in theauthorization request.

You can now supply the merchant.acquirerId in yourauthentication request. This flags to the issuer that the following authorization will be done with an external acquirer.

You now have the option to send overrideName in your authentication request with our3DS Web API. This field allows you to override the merchant name sent to the issuer.

You now have the option to send shippingAddress in the authentication request for our 3DSWeb APIandAndroid-iOS SDKs.

We recommend you send these details, if the shipping address is different to the billing address.

3DS1 test values are no longer available by default as 3DS1 has been decommissioned by the card schemes. The test values can be enabled if required.

paymentInstrument.cardHolderName field is no longer mandatory in authentication requests.

You now have an option to send browserLanguage and ipAddress fields in the deviceData object of the authentication request for 3DSWeb APIandAndroid-iOS SDKs.

In case of unsuccessful device data collection, providing these values will increase the chances of successful authentication.

For versions 2 and 3 we now return a transactionReferenceIsADuplicate error instead of unavailable when a duplicate transactionReference is used for an authentication request.

As part of changes to support a native mobile integration for 3DS2 we have made a new key:value available. The challenge object in the authentication response now contains the following:

challenge {

"payload": "eJxdUttugkAQ/RXic2V3qUgx4xqsTeqDplH6AQgToZGLu0vBfn13EcV2EpI558zMMhdYtPnJ..."

If provided, transactionId is returned as part of the 3DS1 authentication signatureFailed outcome. Whilst you should not proceed with payment authorization, the value can be useful for tracing.

Cardinal SDK Change log

The Access 3DS API is periodically tested against the latest version of the Cardinal SDK. Current tested Cardinal SDK version:

We strongly recommend signing uphereso you are kept informed of SDK updates.